Forum Discussion

Kevin_Davies's avatar
Kevin_Davies
Icon for Nacreous rankNacreous
Feb 22, 2026
Solved

API Pre-Authentication

Some time ago I was dealing with legacy web applications being retrofitted with modern authentication. As you can imagine this opens up a world of pain when the developers of said applications have l...
API
application delivery
authentication
  • Injeyan_Kostas's avatar
    Injeyan_Kostas
    Feb 25, 2026

    Ok then APM will definetely could do the work and provide any authentication method translation.

Injeyan_Kostas's avatar
Injeyan_Kostas
Icon for MVP rankMVP
Feb 22, 2026

APM would provide solution on this, especially in cases where application itself cannot handle modern auth by itself.

But as I understand the case. If you have used oauth for both user and api calls it should be easier.

So user goes to web app -> redirect to idp ->  authenticates -> gets access token, id token etc -> login to web app -> web app use access token to access apis

And this should work with any vendor solution.

  • Kevin_Davies's avatar
    Kevin_Davies
    Icon for Nacreous rankNacreous
    Feb 22, 2026

    Not both. The first form of auth to web application front door was SAML. The second form of auth to the proxy was a JWT. The third form which I didnt discuss was an OAuth/OIDC mechanisim between the Proxy and the IDP used to get the JWT for the Proxy. As the IDP was the source of the original SAML authentication the proxy simply needed to go back to the same IDP and the user would be recognised as being logged in.

    • Injeyan_Kostas's avatar
      Injeyan_Kostas
      Icon for MVP rankMVP
      Feb 22, 2026

      Oauth saml bearer assertion flow might also been used in this case. So saml assertion could be exchanged for an access token.

      • Kevin_Davies's avatar
        Kevin_Davies
        Icon for Nacreous rankNacreous
        Feb 22, 2026

        If only it was supported.